feat: Include the seccompProfile in default securityContext (#138)

* feat: specify the seccompProfile in default securityContext To abide by the restricted Pod Security Standard, the seccompProfile type must be set in the securityContext to either RuntimeDefault or Localhost. https://kubernetes.io/docs/concepts/security/pod-security-standards/ Flipt runs fine with the RuntimeDefault profile as it doesn't require any special seccomp. Allows applying this helm chart out-of-the-box into a namespace that has restricted PSS enforcement enabled. * chore: Bump the chart minor version to 0.58.0
flipt-io · Apr 9, 2024 · e7d4df2 · e7d4df2
1 parent fd067bc
commit e7d4df2
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/charts/flipt/Chart.yaml b/charts/flipt/Chart.yaml
@@ -3,7 +3,7 @@ name: flipt
 home: https://flipt.io
 description: Flipt is an open-source, self-hosted feature flag solution.
 type: application
-version: 0.57.0
+version: 0.58.0
 appVersion: v1.40.0
 maintainers:
   - name: Flipt

diff --git a/charts/flipt/values.yaml b/charts/flipt/values.yaml
@@ -40,6 +40,8 @@ securityContext:
   readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 100
+  seccompProfile:
+    type: "RuntimeDefault"
 
 ## Expose the flipt service to be accessed from outside the cluster (LoadBalancer service).
 ## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.